WPA3 Vulnerability Compromises Security of Wi-Fi Passwords

In our article "WPA3 Security Protocol Announced", we talked about the new wireless network standard and the innovations it brings. While WPA3 offers significant security enhancements, a new academic article showed that it is possible to obtain the password of a wireless network with effective, low-cost attack methods that exploit vulnerabilities in the protocol.

The WPA3 protocol was designed to improve wireless network security and to make passwords nearly impossible to obtain through guessing attacks. This feature of WPA3, called Simultaneous Authentication of Equals (SAE) or Dragonfly, could theoretically even protect users from themselves.

However, research by Mathy Vanhoef of New York University Abu Dhabi and Eyal Ronen of Tel Aviv University & KU Leuven showed that hackers can obtain passwords using two main vulnerabilities in the design. Vanhoef was one of the researchers who uncovered the widely publicized WPA2 KRACK vulnerability in 2017. The researchers state that if the necessary precautions are not taken, sensitive information such as credit card details can also be obtained by hackers. The vulnerabilities in the WPA3 Personal standard were named "Dragonblood".

One attack method, a downgrade (backward compatibility) attack, targets transition mode, in which the WPA3 standard provides backward compatibility with WPA2. If a client and access point support both WPA2 and WPA3, hackers can create a fake access point that only supports WPA2. As a result, WPA2's 4-way handshake is used. Even though the client detects that the 4-way handshake is being used, by then it is too late, because the 4-way handshake messages are enough to launch an offline dictionary attack against the Wi-Fi password. The attacker only needs to know the network name, called the SSID, and be within range to broadcast a fake access point.
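A defensive check for the downgrade described above, as an added example that is not part of the original article: a client remembers which SSIDs it has joined with SAE and flags any access point that advertises one of them without SAE. The scan rows are constructed and modeled on `wpa_cli scan_results` output; the function names and the `remembered` set are hypothetical.

```python
import re

# Constructed sample modeled on the tab-separated rows of `wpa_cli scan_results`
# (bssid, frequency, signal, flags, ssid). Every value here is made up.
SAMPLE_SCAN = """\
02:00:00:00:00:01\t5180\t-48\t[WPA2-PSK+SAE-CCMP][ESS]\tcorp-wifi
02:00:00:00:00:02\t2437\t-40\t[WPA2-PSK-CCMP][ESS]\tcorp-wifi
02:00:00:00:00:03\t5200\t-60\t[WPA2-SAE-CCMP][ESS]\tlab-wifi
02:00:00:00:00:04\t2412\t-70\t[WPA2-PSK-CCMP][ESS]\tguest-wifi
"""

RSN_FLAG = re.compile(r"\[(?:WPA2|RSN)-([^\]]+)\]")


def offers_sae(flags):
    """True if the RSN flag lists SAE among its key-management suites."""
    m = RSN_FLAG.search(flags)
    # Cipher names (CCMP, TKIP, GCMP) never contain "SAE", so a substring
    # test on the flag body is enough to spot SAE and FT/SAE.
    return bool(m) and "SAE" in m.group(1)


def find_downgrades(scan_text, sae_known):
    """Return (ssid, bssid, flags) for BSSs that advertise a remembered
    WPA3 SSID without SAE, which is what a WPA2-only impostor looks like."""
    alerts = []
    for line in scan_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5:
            continue  # header line or malformed row
        bssid, _freq, _signal, flags, ssid = parts
        if ssid in sae_known and not offers_sae(flags):
            alerts.append((ssid, bssid, flags))
    return alerts


if __name__ == "__main__":
    # Hypothetical client memory: SSIDs previously joined using SAE.
    remembered = {"corp-wifi", "lab-wifi"}
    for ssid, bssid, flags in find_downgrades(SAMPLE_SCAN, remembered):
        print(f"refuse WPA2 for {ssid!r}: {bssid} advertises {flags}")
```

An alert is a reason to refuse WPA2 for that SSID rather than proof of an attack, since a deployment that still runs legacy WPA2-only access points under the same name would trigger it too.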

The side-channel attack method, on the other hand, targets Dragonfly's password encoding method. Two methods, one based on cache and one on timing, target this algorithm. Dragonfly's hash-to-curve algorithm is targeted in the cache-based attack, while the hash-to-group algorithm is targeted in the timing-based attack. The information obtained in these attacks makes it possible to perform a password partitioning attack, which is similar in structure to a dictionary attack.

The researchers say the attacks are effective and low-cost. They state that cracking an 8-character lowercase password requires fewer than 40 handshakes and $125 worth of Amazon EC2 server time. Additionally, the researchers note that WPA3's built-in DoS attack protection can be easily circumvented, and attackers can overload the access point with a large number of handshake requests.

Vanhoef and Ronen state that they are collaborating with the Wi-Fi Alliance and the US CERT Coordination Center (CERT/CC) and have notified affected manufacturers. The Wi-Fi Alliance acknowledged the vulnerabilities and provided guidance to affected manufacturers to fix the issues. Manufacturers have also started to offer patches for their devices.
